An article in Pensions Age reported that research from law firm RPC revealed a 4000% rise in data breach reports to the Information Commissioner’s Office (ICO) in the year to June 2023. As a result, pension scheme trustees have been urged to remain mindful of cybersecurity risks and ensure their customers’ data is stored safely and securely.
UK pension schemes reported the biggest-ever rise in cybersecurity breaches, increasing from six in 2021/22 to 246 in 2022/23. Such a significant rise clearly demonstrates the very real threat faced by trustees and scheme members. The report found that UK financial services firms reported 640 cybersecurity breaches to the ICO in the year to June 2023. This is nearly three times the number reported in the previous period, which was just 187, and represents a 242% increase in cyber-attacks leading to breaches.
Pension schemes could be a big target for hackers as they hold a lot of valuable information, such as sensitive financial data and personal details, which could put pensioners at risk of ransom demands and phishing attacks. They also hold significant assets for many individuals.
The Capita data breach could affect more than one million UK pension holders
These concerns follow the Capita data breach, which occurred earlier this year when a number of major pension schemes were affected. Capita is one of the UK’s biggest outsourcing and professional services companies, and it suffered two significant data breaches in 2023. Capita administers the pension funds for over 450 pension providers in the UK, including the Royal Mail, Axa, PwC, Marks and Spencer, and the Universities Superannuation Scheme (USS), which is the main pension fund for universities in the UK, and many other large firms.
The attack prompted The Pensions Regulator (TPR) to write to more than 300 pension funds, advising them to check whether their data had been affected by the breach and stolen by hackers. It is believed over a million UK pension holders could be at risk due to this cybersecurity incident.
Some of the affected pension schemes include:
- Universities Superannuation Scheme (USS)
- Marks and Spencer
- Royal Mail
- BAE Systems
- Mineworkers Pension Scheme
“As trustees, you are responsible for the security of your members’ data. If you use Capita’s services, you should check whether your pension scheme’s data could be affected. Make sure you keep communicating with Capita as the situation evolves.”
During the breaches, data that could have been stolen by hackers includes titles, initial(s), full names, date of birth, National Insurance number, pension fund member number, and retirement date. Some organisations reported that passport photos, bank account details, home addresses and phone numbers could also have been breached.
To find out more about the Capita data breach and whether you may have been affected, read our blog: Capita data breaches 2023: Everything you need to know.
The Pensions Regulator’s current guidance
In 2018, The Pensions Regulator set out its cybersecurity principles for trustees to follow in terms of their response to growing cybersecurity threats. These principles have not been updated since, despite the changes to the cybersecurity landscape since that time. Given the increase in cybersecurity threats to the pension industry, many have called for The Pensions Regulator to go further than its current guidance in this area and provide greater guidance to trustees and scheme managers.
RPC partner and head of cyber and tech insurance, Richard Breavington, argued that cybersecurity is “fundamental to pension scheme trustees’ legal duties”, warning that pension scheme trustees can be liable for failure to manage cyber risk appropriately.
They also pointed out that, as per The Pensions Regulator’s cybersecurity guidance, trustees are accountable for the security of scheme information and assets even when outsourcing day-to-day functions.
Due to the nature of the information held by pension schemes, if a hacker gained access to this, it could put many people at risk of things such as phishing scams, fraud, financial loss and reputational damage. Having your personal data stolen or exposed can be incredibly difficult for an individual and cause worry, stress and further psychological damage on top of the potential financial losses or reputational damage you may experience. As a result, those who have been victims of a data breach could be entitled to claim compensation.
HNK Solicitors can help with your data breach claim
HNK Solicitors has a team of dedicated data breach solicitors with detailed knowledge of the relevant laws and regulations around data protection. We have many years of experience helping clients obtain compensation after their personal data has been breached. You’re entitled to compensation for the distress caused as well as any damages you have suffered as a result.
Get in touch with our team today on 0151 668 0814 or email@example.com. Alternatively, fill in the contact form on our data breach protection claims page, and we’ll be in touch to arrange your free consultation, where we can discuss the details of your case and let you know if we can take on your claim on a no-win, no-fee basis.